信息通信学术期刊网 | 设为首页 | 加入收藏
首 页   |  期刊简介   |  编辑委员会   |  投稿须知   |  广告咨询   |  期刊订阅   |  会议活动   |  联系我们   |  English

网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (6): 21-32.doi: 10.11959/j.issn.2096-109x.2017.00169

• 学术论文 • 上一篇    下一篇

基于静态分析的Android应用事件输入生成方法

叶益林,周振吉,洪征,颜慧颖,吴礼发   

  1. 解放军理工大学指挥信息系统学院,江苏 南京 210007
  • 出版日期:2017-06-15 发布日期:2017-06-21
  • 基金资助:
    江苏省自然科学基金资助项目

Static-analysis-based event input generation approach for Android application

Yi-lin YE,Zhen-ji ZHOU,Zheng HONG,Hui-ying YAN,Li-fa WU   

  1. Institute of Command Information System,PLA University of Science and Technology,Nanjing 210007,China
  • Online:2017-06-15 Published:2017-06-21
  • Supported by:
    The Natural Science Foundation of Jiangsu Province

摘要:

提出了一种基于静态分析的Android应用动态分析事件输入生成方法。以组件间调用图和单个组件内部系统依赖图为基础,提取组件内部安全相关回调方法依赖的事件输入,并设计了一种事件输入算法,自动生成Android应用运行时依赖的事件输入。实验结果表明,相比已有工作,所提方法能够达到更高的权限方法和基本组件覆盖率,覆盖更多安全相关的执行路径,有助于动态分析过程中收集更多安全相关的运行时行为。

关键词: Android, 事件输入, 动态分析, 系统依赖图

Abstract:

A static-analysis-based event input generation approach for Android applications was proposed.Based on the inter-component call graph and the system dependence graph of single component,the event inputs that security-related callbacks depend on were extracted.Furthermore,an event input algorithm was designed to automatically generate event inputs according to Android application runtime.The experimental results show that the proposed method can achieve higher coverage of permission methods and basic components,which can cover more security-related execution paths and help to collect more security-related runtime behaviors during the process of dynamic analysis.

Key words: Android, event input, dynamic analysis, system dependence graph

版权所有 © 2015 《网络与信息安全学报》编辑部
地址:北京市丰台区成寿寺路11号邮电出版大厦8层 邮编:100078
电话:010-81055479,010-81055456,010-81055483  电子邮件:cjnis@bjxintong.com.cn